MVC :: Bit Lost On First Custom Authorization Attribute?
Mar 2, 2010
I want to create a single custom authorization attribute to be added to controller actions that require authenticated users.
My first shot at this, so I may have it all wrong
Got 3 Roles which corresponds to 3 Areas in my application (Client app, so I'll just call them RoleOne, RoleTwo, RoleThree and AreaOne, AreaTwo, AreaThree).
Each area have similiar (to a point) views and actions, like Sign Up, Area specific home, etc.
In the attribute I want to determine the current area, controller and action. Then I just add code like:
If not logged in, and in AreaOne, go to AreaOne Signup (etc)If logged in as RoleOne, and AreaOne Home is requested, go there, but if AreaTwo Home is requested ,go to AreaTwo Signup So in my attribute class I need to determine the current area, controller and action, and see what kind of user we have logged in (if any)
Using ActionExecutingContext it seems I can determine the contoller and action method names, however I cannot find the Area name, and altered the attribute to be called like this:
I have a custom authorization attribute, that basically check if the current user's role is equals to the current area name, and if not, redirect them to the signup view in that requested area. (dummy role provider at this this stage, therefor check it against the user's name at the moment)
It runs fine (IIS) but when I debug it I can see a Security Exception are being thrown by the code
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
I have a gridview control that extends the default gridview. I have added an attribute called "hiddenSelectedValues" to to the gridview during the "PreRender" event and I have a private variable that points to the value of that attribute.I have some javascript code that modifies the value of this attribute based on the user checking or unchecking checkboxes in the grid. I have confirmed that the javascript is indeed modifying the value of the "hiddenSelectedValues" attribute by using Firebug to see the change as it happens.
However, once a postback occurs, the grid looses the updated value of this attribute and I am unable to reference get the updated value on the server side.How do I keep the value of an attribute changed by javascript on postback?
I have a gridview control that extends the default gridview. I have added an attribute called "hiddenSelectedValues" to to the gridview during the "PreRender" event and I have a private variable that points to the value of that attribute.
I have some javascript code that modifies the value of this attribute based on the user checking or unchecking checkboxes in the grid. I have confirmed that the javascript is indeed modifying the value of the "hiddenSelectedValues" attribute by using Firebug to see the change as it happens.
However, once a postback occurs, the grid looses the updated value of this attribute and I am unable to reference get the updated value on the server side.
How do I keep the value of an attribute changed by javascript on postback?
I have used standard asp.net roles and membership provider in my asp.net mvc project. The resources like creating an employee and setting its role can only be done by administrator. Now at first delivery of software to client, there will be no user, i want to implement a functionality where if there are no users in the system user can directly create new employee and assign roles without logging in. Once the roles are assigned user will have to log in to access authorized resources. Can i implement custom action filters that will assist me in implementing this functionality? How can i impelment this functionality?
how to write/implement custom authorization filter , i am using my own custom Authentication module and roles and not ASP.net forms authentication and have my user and role information in my sessions...
say Session["role"] = "Admin" or Session["role"] = "User"
how can i write custom filter to prevent users to access certain functionalities i.e Controller actions.
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Directory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused. You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Finally, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users. see my tables diagram below:
Let's say I assign UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authorization ticket like ASP.NET role prover does too.
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Driectory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused.You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Eventually, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users.
Let's say I assigned UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authentication ticket like ASP.NET role prover does too.
I customized a button from System.Web.UI.WebControls.Button (it is a Custom Control, NOT an User Control, no ascx file)the intention is to adding a OrderID property to the button, that can be bound to a datasource field.
Here is how this control is used in a aspx page:
[Code]....
Here is my definition of the MYButton class, it saved in a .vb file and placed in App_Code folder
[Code]....
Here is the code trying to use the OrderID in btnSave_Click()
[Code]....
The problem is OrderID is always returned as 0.
When first time page is loaded, and gridview is bind to a data source, I step through the code, and the OrderID property are set correctly, but after the postback caused by the button, the OrderID value has lost.
When a user attempts to directly visit the url admin.aspx, and they are not an admin, they are redirected to the login page. However, the user then attempts to visit ViewWeek.aspx, it indicates that they are still logged in. Why does this ASP.NET authorization boot the user to the login screen, yet keep the user logged in? I'd rather it just direct the user to the default URL specified in the forms tag.
Supposing I have a user control like this <MyTag:MyWidget runat="server" /> I am wondering if I can do something like <MyTag:MyWidget runat="server" MemberHeight="400" PublicHeight="200" /> So that in MyWidget.ascx I can have <div height="<%=IsLoggedIn ? MemberHeight : PublicHeight%>"> or something like that...? Because I want the height to vary in each page that is using this widget.
Is it possible to access a parent class from within an attribute.
For example I would like to create a DropDownListAttribute which can be applied to a property of a viewmodel class in MVC and then create a drop down list from an editor template. I am following a similar line as Kazi Manzur Rashid here.
He adds the collection of categories into viewdata and retrieves them using the key supplied to the attribute.
I would like to do something like the below,
public ExampleDropDownViewModel { public IEnumerable<SelectListItem> Categories {get;set;} [DropDownList("Categories")] public int CategoryID { get;set; } }
The attribute takes the name of the property containing the collection to bind to. I can't figure out how to access a property on the parent class of the attribute. Does anyone know how to do this?
I've create a custom attribute for my web pages... In the base page class I've created I'm trying to pull if that attribute has been set. Unfortunately it does not come back as part of the GetCustomAttributes function. Only if I explicitly use the typeof(myclass) to create the class. I have a feeling it's due to how asp.net classes are generated.
I have some code which is rendering some custom attributes of Hidden Control (without runat=server).
Something like,
And I have a lot of these hidden elements on my form.
When I submit the form, I am looping through a set of ids, say 1200 to 1250, so I will read controls based on that, and also hidden with Request.Form["hdn "]
Now problem is, as we know we get value attribute from form when we do Request.Form["id"] for hidden, I want to read my custom attributes from hidden element. Is there any way? Note that, I can not touch the rendering part here.
To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
I got this error at time of running ma published website but only for 1page this error occurred how it can be solved.
The attribute is not rendered to the client, even when the custom namespace is declared in the html element like: <html xmlns= [URL] Does anyone know of a way to get this to render to the client, without having to use a custom control. A module or other globally "pluggable" solution would be acceptable.
I'm new to ASP.NET and MVC in particular. Now, I'm trying to understand if I can easily get values of custom attributes of submitted data. For example, When writing something like this inside a form (which works and posts and I can get the checkbox value) <%= Html.CheckBox("cb1", new { listen = "listen:6" }) %> Can I get the value of "listen" directly or do I need JS? (I know I can just use hidden fields, but I'm I'm asking anyway)
I have some code which is rendering some custom attributes of Hidden Control (without runat=server).
Something like,
<input type='hidden' id = 'hdn1221' name = 'hdn1221' OldValue = '12' OldMode = 'A' />
And I have a lot of these hidden elements on my form.
When I submit the form, I am looping through a set of ids, say 1200 to 1250, so I will read controls based on that, and also hidden with Request.Form["hdn<Id> "]
Now problem is, as we know we get value attribute from form when we do Request.Form["id"] for hidden, I want to read my custom attributes from hidden element. Is there any way? Note that, I can not touch the rendering part here.
I have an ASP.NET 3.5 Site where, in some places, I am checking if the currently logged on Active Directory user is in a certain AD Security Group. In the Page_Load I'm doing something like this:
if (isInADGroup(UserGUID)) { //proceed }
Now I was wondering, couldn't I just create a Custom Attribute, like some of MVC's security attributes, which runs this check and cancels the execution or displays an error message?
I have a [BeastAuthenticate] attribute on my controller. The following code works fine but I would like to use Contructor (Dependency) Injection with Unity. The problem is that the attribute will run the contructor with no parameters. terfaces ITMSLogger and IADGroups are setup to use Dependency Injection with TMSLogger and ADGroups respectively. The following code works fine but doesn't use dependency injection for class ADGroups.
[Code]....
I tried the following but I'm getting an error ("Object reference is required...") with "this (adGroups).
